Details of VAR-200411-0075

ID

VAR-200411-0075

CVE

CVE-2004-0307

TITLE

Cisco Systems optical networking systems software Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000940

DESCRIPTION

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. Cisco Systems optical networking systems software Exists in unspecified vulnerabilities.None. Cisco has reported multiple vulnerabilities in the following platforms: Cisco ONS 15327 Edge Optical Transport Platform Cisco ONS 15454 Optical Transport Platform Cisco ONS 15454 SDH Multiplexer Platform Cisco ONS 15600 Multiservice Switching Platform These issues could permit unauthorized access to devices, including unauthenticated access to GET/PUT TFTP commands on affected platforms, denial of service attacks via incomplete TCP transactions and an issue that may allow locked out superuser accounts to still authenticate. It should be noted that the various ONS platforms are intended to be deployed on networks that are physically separated from the Internet, so exposure to these issues by remote attackers is limited. Cisco ONS 15327 4.1(3), ONS 15454 4.6(1), and ONS 15454 SD4.1(3) previous versions have vulnerabilities

Trust: 1.98

sources: NVD: CVE-2004-0307 // JVNDB: JVNDB-2004-000940 // BID: 9699 // VULHUB: VHN-8737

AFFECTED PRODUCTS

vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(2\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0\(1\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0\(2\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.5	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(0\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(1\)	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	optical networking systems software	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.1(2)	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.0.0	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.1(0)	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	1.0	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.1(1)	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.5	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.0(2)	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.1.0	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.0(1)	Trust: 0.8
vendor:	シスコシステムズ	model:	optical networking systems software	scope:	eq	version:	4.1(3)	Trust: 0.8
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.1\(3\)	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.1\(1\)	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.1\(0\)	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.1\(2\)	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.1\(0\)	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.1\(2\)	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.0	Trust: 0.6
vendor:	cisco	model:	ons 15327	scope:	eq	version:	4.0\(2\)	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.1	Trust: 0.6
vendor:	cisco	model:	ons 15454 optical transport platform	scope:	eq	version:	4.0\(1\)	Trust: 0.6
vendor:	cisco	model:	ons	scope:	eq	version:	156001.0	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.5	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(2)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(1)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.1(0)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(3)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(2)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1(0)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.1	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.0(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	eq	version:	154544.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(2)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.1(0)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.0(2)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.0(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	eq	version:	153274.0	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	156001.3(0)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	156001.1(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	156001.1(0)	Trust: 0.3
vendor:	cisco	model:	ons 15454sdh	scope:	ne	version:	4.6(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154544.1(3)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154544.1(1)	Trust: 0.3
vendor:	cisco	model:	ons optical transport platform	scope:	ne	version:	154544.0(2)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153274.1(3)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153274.1(1)	Trust: 0.3
vendor:	cisco	model:	ons	scope:	ne	version:	153274.0(2)	Trust: 0.3

sources: BID: 9699 // JVNDB: JVNDB-2004-000940 // CNNVD: CNNVD-200411-163 // NVD: CVE-2004-0307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0307
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2004-0307
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200411-163
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8737
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0307
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8737
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8737 // JVNDB: JVNDB-2004-000940 // CNNVD: CNNVD-200411-163 // NVD: CVE-2004-0307

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000940 // NVD: CVE-2004-0307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-163

TYPE

Unknown

Trust: 0.9

sources: BID: 9699 // CNNVD: CNNVD-200411-163

PATCH

title:

Cisco ONS 15327

url:

https://www.cisco.com/web/JP/product/hs/optical/ons15327/prodlit/pdf/0261_on15327.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2004-000940

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0307	Trust: 3.6
db:	BID	id:	9699	Trust: 2.8
db:	OSVDB	id:	4009	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000940	Trust: 0.8
db:	CNNVD	id:	CNNVD-200411-163	Trust: 0.7
db:	CISCO	id:	20040219 CISCO ONS 15327, ONS 15454, ONS 15454 SDH, AND ONS 15600 VULNERABILITIES	Trust: 0.6
db:	XF	id:	15265	Trust: 0.6
db:	VULHUB	id:	VHN-8737	Trust: 0.1

sources: VULHUB: VHN-8737 // BID: 9699 // JVNDB: JVNDB-2004-000940 // CNNVD: CNNVD-200411-163 // NVD: CVE-2004-0307

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20040219-ons.shtml	Trust: 2.8
url:	http://www.securityfocus.com/bid/9699	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15265	Trust: 1.9
url:	http://www.osvdb.org/4009	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0307	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/15265	Trust: 0.6

sources: VULHUB: VHN-8737 // BID: 9699 // JVNDB: JVNDB-2004-000940 // CNNVD: CNNVD-200411-163 // NVD: CVE-2004-0307

CREDITS

This issue was reported in a Cisco security advisory.

Trust: 0.3

sources: BID: 9699

SOURCES

db:	VULHUB	id:	VHN-8737
db:	BID	id:	9699
db:	JVNDB	id:	JVNDB-2004-000940
db:	CNNVD	id:	CNNVD-200411-163
db:	NVD	id:	CVE-2004-0307

LAST UPDATE DATE

2024-08-14T14:08:58.007000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8737	date:	2018-10-30T00:00:00
db:	BID	id:	9699	date:	2009-07-12T03:06:00
db:	JVNDB	id:	JVNDB-2004-000940	date:	2024-06-07T09:02:00
db:	CNNVD	id:	CNNVD-200411-163	date:	2005-05-16T00:00:00
db:	NVD	id:	CVE-2004-0307	date:	2018-10-30T16:26:17.390

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8737	date:	2004-11-23T00:00:00
db:	BID	id:	9699	date:	2004-02-19T00:00:00
db:	JVNDB	id:	JVNDB-2004-000940	date:	2024-06-07T00:00:00
db:	CNNVD	id:	CNNVD-200411-163	date:	2004-11-23T00:00:00
db:	NVD	id:	CVE-2004-0307	date:	2004-11-23T05:00:00